from rest_framework.permissions import BasePermission
from django.conf import settings

class SkipAuthForPaths(BasePermission):
    """
    自定义权限类：跳过指定请求的认证
    """
    def has_permission(self, request, view):
        # 获取当前请求的路径
        path = request.path
        # 如果路径在 PASS_TOKEN 列表中，允许访问
        if path in settings.PASS_TOKEN:
            return True
        # 否则，执行默认的权限检查
        return request.user and request.user.is_authenticated